
All Blog Entries

  1. Everything you need to know about CVE-2014-6271

    FAQ:

    Code execution possible on CGI Web Applications: Yes [Critical]
    Code execution possible on SSH: Yes [Not critical or is based on architecture]
    Working Payload for getting reverse Shell Available: Yes
    Is the Current patch complete: No
    Where was the Bug:

    Bash supports exporting not just shell variables, but also shell functions to other
    ...

    Updated 10-01-2014 at 03:36 PM by 41.w4r10r

    Categories
    Uncategorized
  2. Reversing Tinba: World's smallest trojan-banker DGA Code

    Introduction:

    CSIS Security Group A/S has uncovered a new trojan-banker family which we have named Tinba (Tiny Banker) alias “Zusy”.

    Tinba is a small data-stealing trojan-banker. It hooks into browsers, steals login data, and sniffs network traffic. Like several sophisticated banker trojans, it also uses Man in The Browser (MiTB) tricks and webinjects in order to change the look and feel of certain webpages with the purpose of circumventing ...
  3. Garage4Hackers Ranchoddas Webcast on In the DOM- no one will hear you scream By

    Originally posted by [s]:
    Garage October month RWS series, our rancho Author Mario Heiderich

    Title :
    In the DOM- no one will hear you scream

    Recorded Video.

    Abstract
    This talk is about the DOM and its more twilight areas. We'll see the weird parts and talk about where and why this might be security
    critical and affect your precious online applications, browser extensions or packaged apps. To understand the foundations
    ...
  4. Preventing SQL Injection attack ASP.NET PART I


    Introduction


    Security is the most important attribute for any system. Providing a secure experience is one of the key principles in the process of gaining customer confidence for a system. Nowadays, almost all websites ask to store users’ personal information on servers to understand the customer and serve better. It’s the responsibility of an organization to confirm that customers’ data is safe and accessed in a secured manner. Security in web ...

    Updated 09-02-2014 at 03:14 PM by mayurlohite

  5. Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.

    Here we are providing a detailed analysis of the NetTraveler APT team based on the data we collected over the past 1 year.

    In 2014 the actors behind the global cyber espionage campaign “Operation NetTraveler” celebrate ten years of activity. NetTraveler has targeted more than 350 high-profile victims in 40 countries. So it is high time we make our research public. This is not individual research; instead, this was part of the efforts of various Garage4hackers ...

    Updated 08-30-2014 at 12:35 PM by garage4hackers

  6. Tutorial: Reverse Engineering GameoverZeus DGA code

    DGA : Is it Game Over for GameoverZeus DGA

    GameoverZeus was brought down and it reincarnated again. Gameover Zeus is a very authentic contender in our DGA series. So let us analyse it and try to reverse its DGA just like we did in the case of PushDO in the last article.
    http://www.garage4hackers.com/entry.php?b=3080

    We got a lot of requests asking whether we could have a tutorial on reverse engineering DGA codes. So in this series we would ...
  7. Reverse Engineering : Domain generation for PushDo Malware algorithm released.

    DGA : The domain generation for PushDo unleashed

    About pushdo:

    Four times since 2008, authorities and technology companies have taken the prolific PushDo malware and Cutwail spam botnet offline. Yet much like the Energizer Bunny, it keeps coming back for more.

    In early March, researchers at Damballa discovered a new version of the malware that had adopted a domain generation algorithm (DGA) in order to not only help ...

    Updated 08-26-2014 at 01:41 AM by garage4hackers

  8. Top 7 “Things” Every Penetration Tester Should Use

    After a long time pinning something down. Disclaimer: Views are mine, based on my experience and knowledge, suggestions to improvise would be appreciated.

    So, penetration testing: with information security getting closer to becoming the center of the world, pentesting has become an integral part of our lives. The life of security folks. No matter how many times you secure the network, it manages to get back in jeopardy. Sometimes we just want it to stay secure. So the pentest to the rescue ...

    Updated 08-17-2014 at 04:08 PM by the_empty

  9. Why do we love penetration testing (And you should too!)

    Aloha readers!

    Why do we love penetration testing? The question could be either answered in a couple of words or a book can be written on the topic. But for the sake of sanity, let’s stick to a few words. For the muggles reading this post, here is the definition of penetration testing.

    “A penetration test, or the short form pentest, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality ...
  10. 7 things about embedded/electronics projects that you might have mistaken

    Well, I have not invested lots of years into embedded electronics. I was an electronics enthusiast but had never done much with microcontroller and embedded stuff before 2011. By the end of 2011, I had ordered my Teensy (ATmega-based circuit with built-in USB programmer interface). I had ordered the Teensy basically to try USB-based attack vectors by programming the Teensy as a USB keyboard and trying to create a batch file on the victim computer and run it etc. Some good tools and frameworks have been written about ...